Directions on Microsoft: Update, December 2006
Product Activation Comes to Business

The following is the full text of an article published by Directions on Microsoft, an independent research firm focused exclusively on Microsoft strategy & technology.

To stop pirates and counterfeiters, Microsoft will require that all customers—including volume license customers—activate Windows Vista and Longhorn Server. First introduced in consumer editions, activation verifies that newly installed software is not pirated. Eventually, most Microsoft products will incorporate activation as well as "Genuine Advantage" validation, which continually checks that the software is still legal before it permits users to download patches or other types of updates. Expansion of activation will complicate software deployment for business customers, and it could delay some Vista deployments.

Addressing the Piracy Problem

Microsoft is expanding activation and validation checking to address continued costs due to software piracy, and emerging threats to security and privacy from pirated software.

A May 2006 Business Software Alliance (BSA) and IDC Piracy study estimates that piracy cost the software industry US$37 billion worldwide in software license revenue in 2005. Obviously, Microsoft is hurt by this lost revenue, but some partners, such as system builders, are also affected, because they must compete with pirates who are not paying for the counterfeit software they sell.

Customers might not be concerned about the software industry's lost revenues, but security and privacy threats could give them pause. According to Microsoft, many pirated copies of Windows have malware or corrupt Windows system files. The files in the pirated editions have not merely been modified to circumvent activation or validation programs—the counterfeit software includes malicious software additions, such as keystroke loggers, rootkits (hidden, unauthorized programs that enable administrator-level remote access to a computer), and Trojans. Consequently, counterfeit copies can endanger the security and privacy of their users and provide a platform for attacks on other systems.

The problem for customers and resellers is further compounded by the increased sophistication of the counterfeiters. A counterfeit copy of Windows is no longer easily distinguished by sloppy or unprofessional artwork or duplication methods, and some counterfeit copies include near-perfect facsimiles of copy protection mechanisms, such as holograms and Certificates of Authenticity.

Microsoft is addressing piracy with a multipronged campaign that includes the following measures:

  • Promoting legal software and teaching customers how to tell a legal version from a counterfeit
  • Enforcing laws against counterfeiters and pirates
  • Clarifying licensing terms so that customers understand what they can and cannot do with the software they legitimately purchase
  • Providing technology to detect and (in some cases) disable counterfeit or pirated software, as well as programs or software components that enable users to replace pirated copies with legal ones.

Volume Activation Plugs Large Hole

Vista will be the first Windows version to enforce activation for all users, including those with volume licenses. Previously, customers in volume licensing programs, such as Enterprise Agreements (EAs), Open, and Select, used special media and volume license keys (VLKs) that were exempt from activation. A single VLK allows multiple installations of a product from specialized volume media, and, in the past, it bypassed the activation process; therefore, the new activation technology will have the greatest impact on customers who use volume licensing and want to upgrade to Vista.

Some pirates were able to obtain VLKs (for example, from a volume licensing customer who was unaware that the plain-text key used to build images for the customer's image-based installations had been copied and was being used outside of their organization) and to activate thousands of pirated copies of Windows. Since a copy of Windows activated this way does not confirm its installation with Microsoft's activation servers, Microsoft had no way to disable a VLK. According to Microsoft, 21% of all Windows versions used globally are pirated (which would be in excess of 500 million copies), and a significant number of the pirated Windows versions circumvented activation with misappropriated VLKs.

To solve this problem, Microsoft has created Volume Activation version 2.0, which requires that even computers with volume licenses contact Microsoft. This will let Microsoft monitor the number of activations with a single key and disable activations with a key that appears to have been stolen.

The new activation requirement will not affect customers who purchase computers on which the OEM has preinstalled a version of Vista. It applies to customers in three scenarios: they upgrade Windows XP to Vista, they reimage an OEM-preinstalled version of Vista with a version from volume license media, or they ask the OEM to install a unique or customer-specific image.

Volume Activation version 2.0 supports new types of license keys and several new modes of activation. This means that large organizations that use volume licensing need activation alternatives and tools that support the efficient activation of large numbers of computers running Vista. The new Vista activation technology uses Microsoft's Software Protection Platform (SPP), which will eventually support activation of all Microsoft products. (See the sidebar "The Software Protection Platform".)

Penalties for Nonactivation

Failure to activate Vista properly will result in Vista eventually entering Reduced Functionality Mode (RFM). As that time draws near, Vista will remind the user with increasing frequency of the need to activate.

If a Vista computer shows signs that system files have been tampered with to circumvent activation, or if Vista fails a validation check for any other reason, the computer will also enter RFM.

If a user is unable to activate within 30 days, some high-end features of Vista, such as the Windows Aero shell, Defender antispyware product, and ReadyBoost performance-enhancing technology, will no longer function, and a persistent message or icon indicating noncompliance will appear in the lower right side of the screen. If a system cannot be validated, customers will also be denied access to the Download Center site for add-on products or hotfixes (but will still be able to get critical and important security patches).

When running in RFM, customers will be reminded at various times, such as when starting Vista, that they need to activate or validate to restore full functionality, and the customer will be warned when the next level of reduced functionality will begin.

Modes of Activation for Volume Licenses

Volume licensees can activate Vista in three ways: with an "independent" Multiple Activation Key (MAK), a "proxy" MAK, or a Key Management Service (KMS). A customer might use any or all of these modes.

Independent MAK Activation

In independent activation, each computer activates itself directly with Microsoft using a MAK. A MAK is like a traditional volume license product key, which enables a customer to install Windows. However, each MAK is preloaded with a set number of activations that it can perform. Each MAK-activating computer connects one time with Microsoft, either across the Internet or by the user calling Microsoft on the phone, to complete activation. This is similar to the way in which most consumers activate Windows XP today.

Independent MAK activation will be most practical for small organizations or for branch offices of large organizations with fewer than 25 computers.

MAK Proxy Activation

MAK proxy activation uses a Vista computer that coordinates and consolidates MAK activation for several computers. (At some point after Vista's general availability, Microsoft will enable Windows Server 2003 to run the stand-alone MAK proxy application.) The MAK proxy computer collects information about other computers being activated, assigns a MAK to each of those computers, and then connects to Microsoft to activate all the computers at once. The MAK proxy computer then distributes the activation confirmation identifiers to the newly activated machines and decrements the number of activations permitted with the MAK key by the number of new activations.

MAK proxy activation requires only the MAK proxy computer to connect to Microsoft, although all computers being activated have to connect to the proxy computer. (For an illustration, see "MAK Proxy Activation".)

MAK proxy activation will be most practical for small organizations or for branch offices of large organizations with fewer than 25 computers that do not want each computer to contact Microsoft for security reasons (for example, the computers may not have full Internet access).

Key Management Service Activation

KMS activation requires no direct connection to Microsoft at all, but does require that each computer contact a KMS service (running on a Vista computer) within the organization at least once every 180 days. (As with MAKs, at some time after Vista's general availability, Windows 2003 servers will also be able to perform this function.) A special KMS key, assigned to the organization's KMS service, enables the organization to activate multiple computers.

KMS activation will be most practical for large organizations that do not want each computer to contact Microsoft. KMS activation is architecturally similar to the way in which Windows Server Update Services works in large organizations: an internal service can replace Microsoft's public AutoUpdate service, reducing WAN traffic and giving the organization greater control.

KMS activation requires that an organization validates more than 25 computers. KMS will queue activation requests until there are more than 25 physical Vista clients or five physical Windows Longhorn Servers awaiting activation before it will activate any computers. (Note that a version of Vista running in a virtual machine does not count toward the 25-computer threshold.) Because computers can run without activation for at least 30 days, queuing of activation requests will not prevent the first 25 Vista machines from operating normally, as long as the organization meets the threshold for activation before that time.
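The interaction between the KMS threshold and the 30-day grace period can be checked against a rollout schedule before deployment. The following is an added planning sketch, not code from the article or from Microsoft; the client names and the rollout are constructed, and it assumes each client first contacts the KMS on its install day and that queued clients activate on the day the threshold is crossed.

```python
from dataclasses import dataclass

KMS_MIN_PHYSICAL_CLIENTS = 26  # article: "more than 25 physical Vista clients"
GRACE_DAYS = 30                # article: computers run unactivated for at least 30 days


@dataclass(frozen=True)
class Client:
    name: str
    install_day: int       # assumption: also the day it first contacts the KMS
    virtual: bool = False  # article: VMs do not count toward the threshold


def kms_threshold_day(clients):
    """Day on which the KMS has seen enough physical clients, or None if never."""
    physical_days = sorted(c.install_day for c in clients if not c.virtual)
    if len(physical_days) < KMS_MIN_PHYSICAL_CLIENTS:
        return None
    return physical_days[KMS_MIN_PHYSICAL_CLIENTS - 1]


def clients_at_risk(clients):
    """Names of clients whose grace period ends before the KMS starts activating."""
    threshold = kms_threshold_day(clients)
    at_risk = []
    for c in clients:
        grace_ends = c.install_day + GRACE_DAYS
        if threshold is None or threshold > grace_ends:
            at_risk.append(c.name)
    return sorted(at_risk)


def sample_rollout(wave2_day=45):
    """Constructed schedule: a 10-PC pilot, 20 lab VMs, then 16 more PCs later."""
    pilot = [Client(f"pilot-{i:02d}", 0) for i in range(10)]
    lab = [Client(f"labvm-{i:02d}", 0, virtual=True) for i in range(20)]
    wave2 = [Client(f"wave2-{i:02d}", wave2_day) for i in range(16)]
    return pilot + lab + wave2


if __name__ == "__main__":
    for day in (45, 20):
        rollout = sample_rollout(wave2_day=day)
        print(f"second wave on day {day}: KMS active from day",
              kms_threshold_day(rollout), "| at risk:", len(clients_at_risk(rollout)))
```

In the constructed schedule the 20 lab VMs do nothing to reach the threshold, so a second wave on day 45 leaves all 30 day-0 machines past their grace period, while moving it to day 20 leaves none.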

Computers activating with KMS will locate the KMS service either by autodiscovery (finding the KMS via the organization's DNS servers) or by direct connection. (The administrator running Vista setup enters the KMS location information or the KMS location is preconfigured in each computer's Registry.)

The KMS service activates the computer for a 180-day period. Before the end of that period, the computer must once again connect to the KMS and reactivate—this reactivation can be configured to begin as soon as seven days after the initial activation. Reactivation does not require any user interaction and should be undetectable.

Although the KMS is new, Microsoft claims that it is a lightweight service and a single KMS can support hundreds of thousands of clients. Most organizations should be able to operate with just two KMS machines for their entire infrastructure—one main KMS machine and one backup machine for redundancy. (For an illustration, see "KMS Activation".)

Obtaining Activation Keys

Customers obtain MAK and KMS keys from either the Microsoft Volume Licensing Site (MVLS), eOpen, or the Microsoft Developer Network (MSDN).

MAK keys come with a preauthorized number of activations.

KMS keys are only available for organizations with 25 or more computers and can activate an unlimited number of computers. Each volume license agreement comes with one MAK key and one KMS key.

The MAK and KMS keys play no role in ensuring that the customer has the correct number of licenses; the keys perform only an activation management function. MAK keys can be used until all the licenses are decremented—for example, if a MAK is set to grant 100 licenses, activation will fail on computer 101, and the customer would have to get a "refill" for the MAK from Microsoft in order to activate additional computers. The customer can complete installation without activation but has a limited time in which to complete activation.

MAK keys have another limitation: if the customer needs to reinstall the OS on a computer that has been activated, the customer will need to reactivate the computer, and the reactivation will use a new key, decrementing the count of permitted activations. There does not appear to be any method to recycle old keys from computers that are reinstalled or taken out of service.

OEM License Activation for Volume Customers

For Vista, OEM license activation and activation of Windows retail editions remain essentially unchanged from Windows XP, but volume licensing customers who have the OEM preinstall the organization's custom image during manufacturing will have to work with the OEM to ensure that the custom-built computers work with one of the new volume license activation modes.

Planning an Activation Strategy

Microsoft has updated its Solution Accelerator for Business Desktop Deployment (BDD), which provides prescriptive guidance—including documentation and tools with a Volume Activation Guide—and additional Volume Activation tools will be available in the future. But for now, customers installing Vista themselves or having an OEM preinstall a customer-specific image need to determine how they will activate Vista. Customers planning to use the new Windows computer-imaging tools in the BDD to create custom images for deploying Vista must make sure that they have an activation infrastructure in place that will work with their images.

As a minimum, Microsoft suggests that the basic steps in selecting an activation mode include the following:

  • Know how many computers the organization will need to activate
  • Understand Volume Activation 2.0 and the Windows Automated Installation Kit (WAIK)
  • Map computers to activation modes, which requires thinking about how many computers need activation and how often they will connect to the organization's network
  • Install the appropriate activation-mode tools—MAK Proxy or KMS Service (or both)
  • Monitor activation using tools such as the Microsoft Operations Manager (MOM)—KMS includes a MOM Management Pack
  • Support activation by working with the organization's help desk and Microsoft to troubleshoot and resolve activation problems.

Microsoft documentation indicates some organizations may want to use both MAK and KMS activation. For example, a remote location may have fewer than 25 computers and limited network access to the organization's KMS service, so it could activate the computers in that site with MAK.

Although Microsoft says it has tried to minimize the burden of Windows Activation and the Genuine Windows Program for organizations using Vista, they could nonetheless find it difficult to determine which activation methods to use, deploy the tools, and activate large numbers of computers, and this complexity could slow down initial Vista deployments.

The ultimate success or failure of the program to Microsoft will be measured in how much piracy is reduced. The ultimate success or failure of the program to customers will very much depend on how the Volume Activation program and tools evolve. If activation raises the total cost of ownership, customers may stay with Windows XP SP2 as long as they can, or customers may be more open to other OSs, such as Apple's Mac OS X or a desktop Linux distribution.

Resources

A Software Protection Platform white paper is available at download.microsoft.com/download/c/2/9/c2935f83-1a10-4e4a-a137-c1db829637f5/10-03-06SoftwareProtectionWP.doc.

The Genuine Windows Advantage Initiative is described at www.microsoft.com/genuine/default.mspx?displaylang=en.

Microsoft Volume Licensing Services is located at https://licensing.microsoft.com/eLicense/L1033/Default.asp.

Microsoft eOpen is located at https://eopen.microsoft.com/EN/default.asp.

The Microsoft Solution Accelerator for Business Desktop Deployment 2007 (Beta 2) can be downloaded from www.microsoft.com/technet/desktopdeployment/bdd/2007/default.mspx.

Details on Vista setup, including improved support for image-based deployment, are described in "Windows Vista Setup Eases Deployment" on page 3 of the July 2006 Update.
